<?php
namespace Common\Org\Util;
/**
 * 运营后台权限控制
 * Class RBAC
 * @package Common\Org\Util
 */

class RBAC {
    // 认证方法
    static public function authenticate($map) {
        return M('manage')->where($map)->find();
    }

    //保存用户的权限列表
    static function saveAccessList() {
        if(!$_SESSION['administrator']) {
            $access_list = RBAC::getAccessList();
            if($access_list) {
                $_SESSION['_ACCESS_LIST'] = RBAC::getAccessList();
                return true;
            } else {
                return false;
            }
        }
        return true;
    }

    //权限认证的过滤器方法
    static public function AccessDecision() {
        if(empty($_SESSION['administrator'])) {
            //获取当前操作ID
            $access = RBAC::getAccessId();
            //取得会员权限列表
            $access_list = $_SESSION['_ACCESS_LIST'];
            
            //判断方法权限
            if(isset($access['action'])) {
                if($access_list[$access['action']]) {
                    return true;
                }
                return false;
            }
            
            //判断控制器权限
            if(isset($access['module'])) {
                foreach($access['module'] as $module) {
                    if($access_list[$module]) {
                        return true;
                    }
                }
            }
            
            return false;
        }
        //管理员无需认证
        return true;
    }

    //取得当前认证号的所有权限列表ID
    static public function getAccessList() {
        $join = array();
        $join[] = 'LEFT JOIN '.C('DB_PREFIX').'role_user as user ON access.role_id = user.role_id';
        $join[] = 'LEFT JOIN '.C('DB_PREFIX').'role as role ON access.role_id = role.id';
        $_node = M()->table(C('DB_PREFIX').'access as access')->join($join)->where(array('user.user_id'=>$_SESSION['manage_id'],'role.status'=>1))->field('access.node_id as node_id')->select();

        //返回结构数据
        $access = array();
        foreach($_node as $node) {
            $access[$node['node_id']] = true;
        }
        return $access;
    }
    
    //取得当前访问权限ID
    static public function getAccessId() {
        $list = F('db_node_access');
        if(!$list) {
            $list = array();
            $map = array();
            $map['level'] = array('in','4,5');
            $map['status'] = 1;
            $_node = M('node')->where($map)->select();
            foreach($_node as $node) {
                if(intval($node['level'])===4) {
                    $list[strtolower($node['app_name'].'_'.$node['module_name'])][] = $node['id'];
                }
                if(intval($node['level'])===5 || intval($node['level'])===4) {
                    $list[strtolower($node['app_name'].'_'.$node['module_name'].'_'.$node['action_name'])] = $node['id'];
                }
            }
            F('db_node_access', $list);
        }
        //返回当前操作ID
        $access = array();
        $access['module'] = $list[strtolower(MODULE_NAME.'_'.CONTROLLER_NAME)];
        $access['action'] = $list[strtolower(MODULE_NAME.'_'.CONTROLLER_NAME.'_'.ACTION_NAME)];
        return $access;
    }
    
}